Chapter 15 : Dependable
Systems for Quality care
Objectives :
1. To explain the relationship between dependability
and health care quality.
2. To identify and explain five guidelines for building
dependable systems.
3. To present an informal assessment of the
healthcare industry with respect to these
guidelines.
 Introduction:
The healthcare industry is undergoing a dramatic transformation
from today’s inefficient costly, manually intensive, crisis driven
model of care delivery to a more efficient, consumer centric,
science based model that proactively focuses on health
management.
The technologies that enable the transformation are largely
state of the art and include enterprise application integration
(EAI); wireless communications; handled and tablet computers;
continuous speech recognition; new models for knowledge
representation, integration and interpretation; electronic sensor
technology; radio frequency identification (RFID) tagging and
Robotics.
The functional capabilities these applications and techniques can
provide are indeed impressive and can vastly improve the quality of
healthcare delivery.
The international Council of Nurses (ICN) code of ethics for nurses
affirms that the nurse “holds in confidence personal information”
and “ensures that use of technology…[is] compatible with the
safety, dignity, and rights of people”
Fulfilling these ethical obligations is the individual responsibility of
the nurse who presumably has the ability and authority to ensure
that personal information is protected and that technology is safe.
Thus, ethical obligations drive requirements for system reliability,
availability, confidentiality, data integrity, responsiveness, and
safety attributes collectively referred to as DEPENDABILITY.
What is Dependability?
is a measure of the extent to which a system can justifiably be
relied on to deliver the services expected from it.
Dependability comprises the following six attributes:
1. System reliability: The system consistently behaves in the
same way.
2. Service availability : Required services are present and usable
when they are needed.
3. Confidentiality : Sensitive information is disclosed only to
those authorized to see it.
4. Data integrity : Data are not corrupted or destroyed.
5. Responsiveness: The system responds to user input within an
expected and acceptable time period.
6. Safety : The system does not cause harm.
When things go wrong:
In August 2003, the blaster and SoBig worm attacks invaded
hospitals around the world. In Galsgow, Scotland, 10,000
computers used by city hospitals and emergency services were
infected, and systems at one hospital were down for 15 hours.
Nearly one third of the computers at Baylor College of Medicine
(about 2,100 machines) were infected by the blaster and SoBig
worm attacks. The cost to recover from the attacks exceeded $100
K and 2.5 days of productivity were lost campus wide due to
system out ages.
The bottomline is that systems , networks and software
applications are highly complex, and the only safe assumption is
that failureswill occur. Thus, dependability is an essential factor in
system planningand operations.
Guidelines for Dependable systems:
Guideline 1: Architect for Dependability
: a fundamental principle of system is that an enterprise system
architecture should be developed from the bottom up so that no critical
component is dependent on a component less trustworthy of itself. At
the bottom of the architecture are the physical and logical networks that
supports the enterprise and provide the “pipes” that carry data from
system to system. One or more computers are connected to this
network and the software foundation of each computer is an operating
system that is responsible for managing all of the resources in the
computer system. A corollary is that any vulnerabilities that exists in the
networks , operating systems, and other services that support the
application will propagate up to the applications, creating vulnerabilities
for them as well.
Single point dependencies should be avoided or eliminated.
The simplest design and integration strategy will be the easiest to
understand, to maintain, and to recover in case of a failure or disaster.
Guideline 2: Anticipate Failures
: in anticipation of failures at the infrastracture level, features that are
transparent to software applications should be implemented to detect
faults, to fail over to redundant components when faults are detected,
and to recover from failures before they become catastrophic.
Guideline 3: Anticipate success
: the systems planning process should anticipate business success and
the consequential need for larger networks , more systems, new
applications, and additional integration. Modeling of use case scenarios
that anticipate hospital and clinic managers, acquisitions ,and a growing
patient/ customer base will enable the system designer to visualize the
dataflows,system loading and network impact resulting from business
growth and success. Such models can provide valuable input into
planning for scalability and future integration.
Guideline 4: Hire Meticulous Managers
:good systems administrators meticulously monitor and manage
system and network performance, using of band tools that do not
themselves affect performance. These managers use middleware
to manage the workload across the network. They take
emergency and disaster planning very seriously: they develop,
maintain and judiciously exercise plans and procedures for
managing emergencies and recovering from disasters.
Guideline 5: Don’t be Adventurous
: for dependability, one should use only proven methods, tools,
technologies and products that have been in production , under
conditions, and at a scale similar to the intended environment. The
enterprise with a requirement for dependable systems should not
be the first (or second) to adopt anew technology.
Assessing the Healthcare industry
> Healthcare clearly has a need for dependable systems both now
and after the transformation, as the industry becomes increasingly
dependent on IT in the delivery of patient care. This assessment
is by no means “ scientific ,” nor is it intended to represent “all”
healthcare organizations . Rather it coveys observations of the
healthcare industry as a whole and the opinions of a passionate
advocate of dependable systems for healthcare.
HEALTHCARE ARCHITECTURES
:for adherence to the first guideline “architect for
dependability” the clinical care provider community gets
a barely passing grade of “D”. Healthcare organizations
build or perhaps “compose” their systems from the top
down rather than from the bottom up. The healthcare
professionals select their user interfaces they like, and
the IT team negotiates terms with the vendors who offer
the systems that generate those interfaces. These
systems are familiarly known as “departmental”
systems because they are used only in one department ,
such as registration, laboratory, or Pharmacy, “EAI”or
“interface engines” are used to transfer data , most
commonly from a clinical system to a billing system.
The Health Insurance Portability and Accountability Act
(HIPAA) security regulation prescribes administrative, physical, and
technical safeguards for protecting the confidentiality and integrity
of health information and the availability of critical system services.
The ff. eight required administrative safeguards represent
important operational practices that clearly will contribute to
system dependability:
>Security management, including security analysis and risk
management
>Assigned Security responsibility
>Information access management , including the isolation of
clearinghouse functions from other clinical functions.
>Security awareness and training
>Security incident Procedures, including response and reporting
>Contingency planning, including data backup planning, disaster
recovery planning, and planning for emergency mode operations.
>Evaluation
>Business associate contracts that lock in the obligations of
business partners in protecting health information to which they
may have access.
The five specified physical safeguards also contribute to
system dependability by requiring that facilities, work stations,
devices, and media be protected. Most of the required technical
safeguards are widely viewed within the security community and
security aware industries as “minimal” security controls:
1. Access control, including unique user identification and an
emergency access procedure
2. Audit controls
3. Data integrity protection
4. Person or entity authentication
5. Transmission security
Anticipating Failures
: For adherence to the second guideline “expect failures” the
clinical provider community gets another grade of “D”. Medical
technology and prescriptions, as well as clinical treatment
protocols , are required to undergo extensive validation before
they can be used in clinical practice.
Anticipating Success
: With respect to the third guideline “expect success” the clinical
care provider community has earned a mediocre grade of “C”.
Healthcare organizations definitely expect their software
applications, computer systems, and networks to works
IT Management
: For the fourth guideline “hire meticulous managers” the clinical
care provider community has been assigned a mediocre grade of
“C”. Many provider organizations truly do recognize the critically
of IT to their business success .
Adventurous technologies in
Healthcare
:The fifth and final guideline “don’t be adventurous” is the most
difficult to assess for healthcare . On the one hand, healthcare
givers typically are not early adopters, but on the other hand, they
seem to cast fate to the wind for technologies that catch their
collective fancy. So a grade of “C” seems appropriate here.
SALAMAT
JAMO! xD
davidabad08